search for: max_allow_us

Hey everyone, I have been using sftp for quite some time now and we have just hit 256 sftp users. Line 21 of servconf.h reads: #define MAX_ALLOW_USERS 256 /* Max # users on allow list. */ I am curious why this is in a header file and not something that is in sshd_config that can be changed without recompile? Thanks in advance! -- James Dennis Harvard Law School "Not everything that counts can be counted, and not everythi...

Hello! We have the server with RHEL 5.5 (64-bit) and need to connect many parallel users over ssh (OpenSSH). Usually we use openssh-4.4p1, builded from the sources with changed "servconf.h" file by this type: ???#define MAX_ALLOW_USERS ????????10000 ????/* Max # users on allow list. */ ???#define MAX_DENY_USERS ???????????10000 ????/* Max # users on deny list. */ ???#define MAX_ALLOW_GROUPS ?????10000 ????/* Max # groups on allow list. */ ???#define MAX_DENY_GROUPS ????????10000 ????/* Max # groups on deny list. */ and con...

Hello! > Hello! > > We have the server with RHEL 5.5 (64-bit) and need to connect many parallel users over ssh (OpenSSH). > Usually we use openssh-4.4p1, builded from the sources with changed "servconf.h" file by this type: > #define MAX_ALLOW_USERS 10000 /* Max # users on allow list. */ > #define MAX_DENY_USERS 10000 /* Max # users on deny list. */ > #define MAX_ALLOW_GROUPS 10000 /* Max # groups on allow list. */ > #define MAX_DENY_GROUPS 10000 /* Ma...

...{ "denygroups", sDenyGroups }, { "ciphers", sCiphers }, { "macs", sMacs }, { "protocol", sProtocol }, { "gatewayports", sGatewayPorts }, { "subsystem", sSubsystem }, @@ -761,16 +764,36 @@ if (options->num_allow_users >= MAX_ALLOW_USERS) fatal("%s line %d: too many allow users.", filename, linenum); options->allow_users[options->num_allow_users++] = xstrdup(arg); } break; + case sAllowUsersFixedname: + while ((arg = strdelim(&cp)) && *arg != '\0') { + if (...

...+ case sAllowGroups: while ((arg = strdelim(&cp)) && *arg != '\0') { if (options->num_allow_groups >= MAX_ALLOW_GROUPS) --- openssh-3.4p1.vanilla/servconf.h Thu Jun 20 21:09:47 2002 +++ openssh-3.4p1/servconf.h Wed Jul 3 11:23:26 2002 @@ -20,6 +20,7 @@ #define MAX_ALLOW_USERS 256 /* Max # users on allow list. */ #define MAX_DENY_USERS 256 /* Max # users on deny list. */ +#define MAX_CHROOT_USERS 256 /* Max # users on chroot list. */ #define MAX_ALLOW_GROUPS 256 /* Max # groups on allow list. */ #define MAX_DENY_GROUPS 256 /* Max # groups on deny list....

...any deny groups.", filename, linenum); options->deny_groups[options->num_deny_groups++] = xstrdup(arg); + } + break; + + + case sPubkeyAllowUsers: + while ((arg = strdelim(&cp)) && *arg != '\0') { + if (options->num_pkey_allow_users >= MAX_ALLOW_USERS) + fatal("%s line %d: too many public key allow users.", + filename, linenum); + options->pkey_allow_users[options->num_pkey_allow_users++] = xstrdup(arg); + } + break; + + case sPubkeyDenyUsers: + while ((arg = strdelim(&cp)) && *arg != '\0') {...

Hey, After discussing the limit of MAX_ALLOW_USERS I've been trying to use AllowGroups instead. In the config file I have the AllowUsers lines before the AllowGroups lines (I have tried both ways) and it appears that the presence on the AllowGroups directives seems to blow away any Allow* directives I have set. I'm not sure how to ch...

...1 *************** *** 93,98 **** --- 93,99 ---- int permit_empty_passwd; /* If false, do not permit empty * passwords. */ int use_login; /* If true, login(1) is used */ + char *sys_environment_file; int allow_tcp_forwarding; u_int num_allow_users; char *allow_users[MAX_ALLOW_USERS]; diff -r -c openssh-2.5.1p1/session.c openssh-2.5.1p1-1/session.c *** openssh-2.5.1p1/session.c Sun Feb 18 11:13:34 2001 --- openssh-2.5.1p1-1/session.c Thu Mar 1 15:46:11 2001 *************** *** 1261,1266 **** --- 1261,1269 ---- /* read $HOME/.ssh/environment. */ if (!options.use_lo...

Would anybody happen to have or know of a patch to make /etc/default/login PATH and SUPATH the default openssh path? We have customized paths for each school of engineering (each have their own customized site bin). This is easily controled with /etc/default/login. The --with-default-path option is too rigid. This is Solaris I am talking about. --mike

...ot permit empty * passwords. */ int use_login; /* If true, login(1) is used */ + int use_chroot; /* If true, do a chroot to homedir */ + int chroot_group; /* If nonzero, chroot only when equal + to gid */ unsigned int num_allow_users; char *allow_users[MAX_ALLOW_USERS]; unsigned int num_deny_users; diff --ignore-space-change -u openssh-2.2.0p1/session.c openssh-2.2.0p1chroot/session.c --- openssh-2.2.0p1/session.c Wed Aug 30 00:21:22 2000 +++ openssh-2.2.0p1chroot/session.c Sun Oct 22 20:20:57 2000 @@ -947,6 +947,20 @@ } } #endif /* USE_PAM */ + + /*...

...ptions->allow_tcp_forwarding; goto parse_flag; +#ifdef USE_PRIVSEP case sUsePrivilegeSeparation: intptr = &use_privsep; goto parse_flag; - +#endif case sAllowUsers: while ((arg = strdelim(&cp)) && *arg != '\0') { if (options->num_allow_users >= MAX_ALLOW_USERS) --- openssh-4.2p1/sshd.c~ 2005-07-26 12:54:56.000000000 +0100 +++ openssh-4.2p1/sshd.c 2006-01-07 18:12:40.000000000 +0000 @@ -200,9 +200,11 @@ u_int utmp_len = MAXHOSTNAMELEN; int *startup_pipes = NULL; int startup_pipe; /* in child */ +#ifdef USE_PRIVSEP /* variables used for privilege...

Could people please test -current? We will be making a release fairly soon. -d -- | By convention there is color, \\ Damien Miller <djm at mindrot.org> | By convention sweetness, By convention bitterness, \\ www.mindrot.org | But in reality there are atoms and space - Democritus (c. 400 BCE)

Hello, I came across an interoperability problem in OpenSSH 3.0p1 and 3.0.1p1 concerning the AFS token forwarding. That means that the new versions are not able to exchange AFS tokens (and Kerberos TGTs) with older OpenSSH releases (including 2.9p2) and with the old SSH 1.2.2x. In my opinion this problem already existed in Openssh 2.9.9p1, but I have never used this version (I only looked at the